htaccess username and password, htpasswd

[Gary]

BPS installed very easily. Now, how should I go about controlling access to my WordPress site using usernames and passwords? I read that I should use .htaccess and .htpassword files. Where would such information be inserted into this secure .htaccess file? And, where do I put the .htpassword file? Hopefully these changes won’t compromise security. Please advise if I’m off topic here.

[AITpro Admin]

We do not recommend adding additional directory password protection for the wp-admin folder/the WP Dashboard for these 2 main reasons.

1. WordPress already has authentication protection to the wp-admin folder/the WP Dashboard.  Adding a second login does not really make the wp-admin folder/the WP Dashboard any more secure.

2. Visitors to your website will have problems registering to your site.

If you still want to do this anyway then you would add directory protection in your web host control panel for the wp-admin folder and then combine that code into your BPS wp-admin .htaccess file.

[Gary]

My intent is to create an ‘internal’ website with sensitive administrative information. So, I wish to control access and visibility to this subdomain website to only ‘authorised’ users. It sounds like users of the site will have to log in twice; once thru .htaccess, then thru the WordPress login tools?

[AITpro Admin]

Then I think what you really want/need is a Member’s Only type of plugin.  There are a lot of those types of plugins to choose from in the WordPress plugin repository.  Directory protection / BasicAuth is designed more for limited access such as 1 to 3 people on a regular basis need to login to that protected directory.  It is not convenient and it is not possible to allow users to create their own usernames and passwords.  You would have to create them in your Web Host control panel.

[Author]

Posts